Re: framework Digest, Vol 28, Issue 38

[John Biondolillo <johnb.electric () gmail com>]

Well they do provide some payload asm source in the
/msf/external/source/shellcode/ (i think this is the dir), but I can't seem
to find dl_exec asm only the hexcodes in the payload ruby file. And I'm not
having the best luck converting back to asm or disassembling the binary on
windows with ida and olly, based on a suggestion I'm gonna try to use
ndisasm on linux

On Mon, May 31, 2010 at 3:53 AM, Sachin Shinde <sachinshinde11 () gmail com>wrote:

> > > 1.  I can't find the asm source for download_exec, since its a simple
> payload its the next one I want to do, theres a million examples online but
> the one in the framework seems to be very reliable.Can anyone point me in
> the right direction to find it.
>
> All payloads are "hardcoded" .no asm source only hexcodes.(am I right ?)
>
> On Mon, May 31, 2010 at 12:30 AM,
> <framework-request () spool metasploit com> wrote:
> > Send framework mailing list submissions to
> >        framework () spool metasploit com
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >        https://mail.metasploit.com/mailman/listinfo/framework
> > or, via email, send a message with subject or body 'help' to
> >        framework-request () spool metasploit com
> >
> > You can reach the person managing the list at
> >        framework-owner () spool metasploit com
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of framework digest..."
> >
> >
> > Today's Topics:
> >
> >   1. Dynamic creation of payload executables with metasm
> >      (John Biondolillo)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Sun, 30 May 2010 14:33:27 -0400
> > From: John Biondolillo <johnb.electric () gmail com>
> > To: framework () spool metasploit com
> > Subject: [framework] Dynamic creation of payload executables with
> >        metasm
> > Message-ID:
> >        <AANLkTimEHGQf1xCAe2J6K5Rtt1K48FNd-yoPmbiQ2m6v () mail gmail com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > I know this is in the works but since I'm impatient I started working on
> it
> > my self. I've got a basic payload that just displays a message box with
> user
> > supplied data, its portable code so it can be used from Windows 2000 -
> > Windows 7, but I'm new to assembly so there is no polymorphism meaning if
> > you create two payloads with the same input they'd be identical I'm
> guessing
> > this is were the encoders come in.
> > I have two questions:
> >
> > 1.  I can't find the asm source for download_exec, since its a simple
> > payload its the next one I want to do, theres a million examples online
> but
> > the one in the framework seems to be very reliable.Can anyone point me in
> > the right direction to find it.
> >
> > 2. Whats this best way to make each payload unique, adding junk code,
> random
> > characters were able in the header, or just try to use one of the encoder
> > stubs?
> >
> > Thanks
> >
> > John
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> http://mail.metasploit.com/pipermail/framework/attachments/20100530/8e6f54db/attachment-0001.html
> > ------------------------------
> >
> > _______________________________________________
> > framework mailing list
> > framework () spool metasploit com
> > https://mail.metasploit.com/mailman/listinfo/framework
> >
> >
> > End of framework Digest, Vol 28, Issue 38
> > *****************************************
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework